diff --git a/contrib/epee/include/net/net_utils_base.h b/contrib/epee/include/net/net_utils_base.h index 722206ee13..3183c14a42 100644 --- a/contrib/epee/include/net/net_utils_base.h +++ b/contrib/epee/include/net/net_utils_base.h @@ -89,7 +89,7 @@ namespace net_utils bool is_local() const; static constexpr address_type get_type_id() noexcept { return address_type::ipv4; } static constexpr zone get_zone() noexcept { return zone::public_; } - static constexpr bool is_blockable() noexcept { return true; } + static constexpr bool is_bannable() noexcept { return true; } BEGIN_KV_SERIALIZE_MAP() if (is_store) @@ -145,7 +145,7 @@ namespace net_utils bool is_local() const; static constexpr address_type get_type_id() noexcept { return address_type::invalid; } static constexpr zone get_zone() noexcept { return zone::public_; } - static constexpr bool is_blockable() noexcept { return true; } + static constexpr bool is_bannable() noexcept { return true; } BEGIN_KV_SERIALIZE_MAP() KV_SERIALIZE(m_ip) @@ -195,7 +195,7 @@ namespace net_utils bool is_local() const; static constexpr address_type get_type_id() noexcept { return address_type::ipv6; } static constexpr zone get_zone() noexcept { return zone::public_; } - static constexpr bool is_blockable() noexcept { return true; } + static constexpr bool is_bannable() noexcept { return true; } static const uint8_t ID = 2; BEGIN_KV_SERIALIZE_MAP() @@ -235,7 +235,7 @@ namespace net_utils virtual bool is_local() const = 0; virtual address_type get_type_id() const = 0; virtual zone get_zone() const = 0; - virtual bool is_blockable() const = 0; + virtual bool is_bannable() const = 0; virtual std::uint16_t port() const = 0; }; @@ -266,7 +266,7 @@ namespace net_utils virtual bool is_local() const override { return value.is_local(); } virtual address_type get_type_id() const override { return value.get_type_id(); } virtual zone get_zone() const override { return value.get_zone(); } - virtual bool is_blockable() const override { return value.is_blockable(); } + virtual bool is_bannable() const override { return value.is_bannable(); } virtual std::uint16_t port() const override { return value.port(); } }; @@ -313,7 +313,7 @@ namespace net_utils bool is_local() const { return self ? self->is_local() : false; } address_type get_type_id() const { return self ? self->get_type_id() : address_type::invalid; } zone get_zone() const { return self ? self->get_zone() : zone::invalid; } - bool is_blockable() const { return self ? self->is_blockable() : false; } + bool is_bannable() const { return self ? self->is_bannable() : false; } std::uint16_t port() const { return self ? self->port() : 0; } template const Type &as() const { return as_mutable(); } diff --git a/src/cryptonote_config.h b/src/cryptonote_config.h index 88c8e0c20e..f84fd143f1 100644 --- a/src/cryptonote_config.h +++ b/src/cryptonote_config.h @@ -149,14 +149,14 @@ #define P2P_DEFAULT_LIMIT_RATE_DOWN 8192 // kB/s #define P2P_FAILED_ADDR_FORGET_SECONDS (60*60) //1 hour -#define P2P_IP_BLOCKTIME (60*60*24) //24 hour -#define P2P_IP_FAILS_BEFORE_BLOCK 10 +#define P2P_IP_BANTIME (60*60*24) //24 hour +#define P2P_IP_FAILS_BEFORE_BAN 10 #define P2P_IDLE_CONNECTION_KILL_INTERVAL (5*60) //5 minutes #define P2P_SUPPORT_FLAG_FLUFFY_BLOCKS 0x01 #define P2P_SUPPORT_FLAGS P2P_SUPPORT_FLAG_FLUFFY_BLOCKS -#define RPC_IP_FAILS_BEFORE_BLOCK 3 +#define RPC_IP_FAILS_BEFORE_BAN 3 #define CRYPTONOTE_NAME "bitmonero" #define CRYPTONOTE_BLOCKCHAINDATA_FILENAME "data.mdb" @@ -205,7 +205,7 @@ #define RPC_CREDITS_PER_HASH_SCALE ((float)(1<<24)) -#define DNS_BLOCKLIST_LIFETIME (86400 * 8) +#define DNS_BANLIST_LIFETIME (86400 * 8) //The limit is enough for the mandatory transaction content with 16 outputs (547 bytes), //a custom tag (1 byte) and up to 32 bytes of custom data for each recipient. diff --git a/src/cryptonote_protocol/cryptonote_protocol_handler.inl b/src/cryptonote_protocol/cryptonote_protocol_handler.inl index b4a2fda4f0..a9586cc5c7 100644 --- a/src/cryptonote_protocol/cryptonote_protocol_handler.inl +++ b/src/cryptonote_protocol/cryptonote_protocol_handler.inl @@ -519,7 +519,7 @@ namespace cryptonote if(bvc.m_verifivation_failed) { LOG_PRINT_CCONTEXT_L0("Block verification failed, dropping connection"); - drop_connection_with_score(context, bvc.m_bad_pow ? P2P_IP_FAILS_BEFORE_BLOCK : 1, false); + drop_connection_with_score(context, bvc.m_bad_pow ? P2P_IP_FAILS_BEFORE_BAN : 1, false); return 1; } if(bvc.m_added_to_main_chain) @@ -802,7 +802,7 @@ namespace cryptonote if( bvc.m_verifivation_failed ) { LOG_PRINT_CCONTEXT_L0("Block verification failed, dropping connection"); - drop_connection_with_score(context, bvc.m_bad_pow ? P2P_IP_FAILS_BEFORE_BLOCK : 1, false); + drop_connection_with_score(context, bvc.m_bad_pow ? P2P_IP_FAILS_BEFORE_BAN : 1, false); return 1; } if( bvc.m_added_to_main_chain ) @@ -1605,7 +1605,7 @@ namespace cryptonote drop_connections(span_origin); if (!m_p2p->for_connection(span_connection_id, [&](cryptonote_connection_context& context, nodetool::peerid_type peer_id, uint32_t f)->bool{ LOG_PRINT_CCONTEXT_L1("Block verification failed, dropping connection"); - drop_connection_with_score(context, bvc.m_bad_pow ? P2P_IP_FAILS_BEFORE_BLOCK : 1, true); + drop_connection_with_score(context, bvc.m_bad_pow ? P2P_IP_FAILS_BEFORE_BAN : 1, true); return 1; })) LOG_ERROR_CCONTEXT("span connection id not found"); diff --git a/src/daemon/command_parser_executor.cpp b/src/daemon/command_parser_executor.cpp index a49c8a1ca4..8289dd7412 100644 --- a/src/daemon/command_parser_executor.cpp +++ b/src/daemon/command_parser_executor.cpp @@ -660,7 +660,7 @@ bool t_command_parser_executor::ban(const std::vector& args) std::cout << "Invalid syntax: Expects one or two parameters. For more details, use the help command." << std::endl; return true; } - time_t seconds = P2P_IP_BLOCKTIME; + time_t seconds = P2P_IP_BANTIME; if (args.size() > 1) { try diff --git a/src/daemon/rpc_command_executor.cpp b/src/daemon/rpc_command_executor.cpp index 6529aaf3ad..c53c46efb4 100644 --- a/src/daemon/rpc_command_executor.cpp +++ b/src/daemon/rpc_command_executor.cpp @@ -192,7 +192,7 @@ bool t_rpc_command_executor::print_peer_list(bool white, bool gray, size_t limit std::string failure_message = "Couldn't retrieve peer list"; - req.include_blocked = true; + req.include_banned = req.include_blocked = true; if (m_is_rpc) { @@ -240,7 +240,7 @@ bool t_rpc_command_executor::print_peer_list_stats() { std::string failure_message = "Couldn't retrieve peer list"; req.public_only = false; - req.include_blocked = true; + req.include_banned = req.include_blocked = true; if (m_is_rpc) { diff --git a/src/net/i2p_address.h b/src/net/i2p_address.h index 44e2686830..e6b86ae5ac 100644 --- a/src/net/i2p_address.h +++ b/src/net/i2p_address.h @@ -119,7 +119,7 @@ namespace net } //! \return `!is_unknown()`. - bool is_blockable() const noexcept { return !is_unknown(); } + bool is_bannable() const noexcept { return !is_unknown(); } }; inline bool operator==(const i2p_address& lhs, const i2p_address& rhs) noexcept diff --git a/src/net/tor_address.h b/src/net/tor_address.h index 2c63208717..ec7d2ec6f9 100644 --- a/src/net/tor_address.h +++ b/src/net/tor_address.h @@ -121,7 +121,7 @@ namespace net } //! \return `!is_unknown()`. - bool is_blockable() const noexcept { return !is_unknown(); } + bool is_bannable() const noexcept { return !is_unknown(); } }; inline bool operator==(const tor_address& lhs, const tor_address& rhs) noexcept diff --git a/src/p2p/net_node.cpp b/src/p2p/net_node.cpp index d6681238ff..5d9101421d 100644 --- a/src/p2p/net_node.cpp +++ b/src/p2p/net_node.cpp @@ -152,7 +152,8 @@ namespace nodetool const command_line::arg_descriptor arg_ban_list = {"ban-list", "Specify ban list file, one IP address per line"}; const command_line::arg_descriptor arg_p2p_hide_my_port = {"hide-my-port", "Do not announce yourself as peerlist candidate", false, true}; const command_line::arg_descriptor arg_no_sync = {"no-sync", "Don't synchronize the blockchain with other peers", false}; - const command_line::arg_descriptor arg_enable_dns_blocklist = {"enable-dns-blocklist", "Apply realtime blocklist from DNS", false}; + const command_line::arg_descriptor arg_enable_dns_banlist = {"enable-dns-banlist", "Apply realtime banlist from DNS", false}; + const command_line::arg_descriptor arg_enable_dns_blocklist = {"enable-dns-blocklist", "Apply realtime banlist from DNS, alias for --enable-dns-banlist flag", false}; const command_line::arg_descriptor arg_no_igd = {"no-igd", "Disable UPnP port mapping"}; const command_line::arg_descriptor arg_igd = {"igd", "UPnP port mapping (disabled, enabled, delayed)", "delayed"}; diff --git a/src/p2p/net_node.h b/src/p2p/net_node.h index 7b3477e1f7..efcbe9571b 100644 --- a/src/p2p/net_node.h +++ b/src/p2p/net_node.h @@ -285,13 +285,13 @@ namespace nodetool uint32_t get_max_out_public_peers() const; void change_max_in_public_peers(size_t count); uint32_t get_max_in_public_peers() const; - virtual bool block_host(epee::net_utils::network_address address, time_t seconds = P2P_IP_BLOCKTIME, bool add_only = false); - virtual bool unblock_host(const epee::net_utils::network_address &address); - virtual bool block_subnet(const epee::net_utils::ipv4_network_subnet &subnet, time_t seconds = P2P_IP_BLOCKTIME); - virtual bool unblock_subnet(const epee::net_utils::ipv4_network_subnet &subnet); - virtual bool is_host_blocked(const epee::net_utils::network_address &address, time_t *seconds) { CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); return !is_remote_host_allowed(address, seconds); } - virtual std::map get_blocked_hosts() { CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); return m_blocked_hosts; } - virtual std::map get_blocked_subnets() { CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); return m_blocked_subnets; } + virtual bool ban_host(epee::net_utils::network_address address, time_t seconds = P2P_IP_BANTIME, bool add_only = false); + virtual bool unban_host(const epee::net_utils::network_address &address); + virtual bool ban_subnet(const epee::net_utils::ipv4_network_subnet &subnet, time_t seconds = P2P_IP_BANTIME); + virtual bool unban_subnet(const epee::net_utils::ipv4_network_subnet &subnet); + virtual bool is_host_banned(const epee::net_utils::network_address &address, time_t *seconds) { CRITICAL_REGION_LOCAL(m_banned_hosts_lock); return !is_remote_host_allowed(address, seconds); } + virtual std::map get_banned_hosts() { CRITICAL_REGION_LOCAL(m_banned_hosts_lock); return m_banned_hosts; } + virtual std::map get_banned_subnets() { CRITICAL_REGION_LOCAL(m_banned_hosts_lock); return m_banned_subnets; } virtual void add_used_stripe_peer(const typename t_payload_net_handler::connection_context &context); virtual void remove_used_stripe_peer(const typename t_payload_net_handler::connection_context &context); @@ -366,7 +366,7 @@ namespace nodetool bool peer_sync_idle_maker(); bool do_handshake_with_peer(peerid_type& pi, p2p_connection_context& context, bool just_take_peerlist = false); bool do_peer_timed_sync(const epee::net_utils::connection_context_base& context, peerid_type peer_id); - bool update_dns_blocklist(); + bool update_dns_banlist(); bool make_new_connection_from_anchor_peerlist(const std::vector& anchor_peerlist); bool make_new_connection_from_peerlist(network_zone& zone, bool use_white_list); @@ -472,7 +472,7 @@ namespace nodetool epee::math_helper::once_a_time_seconds<60*30, false> m_peerlist_store_interval; epee::math_helper::once_a_time_seconds<60> m_gray_peerlist_housekeeping_interval; epee::math_helper::once_a_time_seconds<3600, false> m_incoming_connections_interval; - epee::math_helper::once_a_time_seconds<7000> m_dns_blocklist_interval; + epee::math_helper::once_a_time_seconds<7000> m_dns_banlist_interval; std::list m_priority_peers; std::vector m_exclusive_peers; @@ -497,9 +497,9 @@ namespace nodetool std::map m_conn_fails_cache; epee::critical_section m_conn_fails_cache_lock; - epee::critical_section m_blocked_hosts_lock; // for both hosts and subnets - std::map m_blocked_hosts; - std::map m_blocked_subnets; + epee::critical_section m_banned_hosts_lock; // for both hosts and subnets + std::map m_banned_hosts; + std::map m_banned_subnets; epee::critical_section m_host_fails_score_lock; std::map m_host_fails_score; @@ -513,7 +513,7 @@ namespace nodetool epee::net_utils::ssl_support_t m_ssl_support; bool m_enable_dns_seed_nodes; - bool m_enable_dns_blocklist; + bool m_enable_dns_banlist; uint32_t max_connections; }; @@ -537,6 +537,7 @@ namespace nodetool extern const command_line::arg_descriptor arg_ban_list; extern const command_line::arg_descriptor arg_p2p_hide_my_port; extern const command_line::arg_descriptor arg_no_sync; + extern const command_line::arg_descriptor arg_enable_dns_banlist; extern const command_line::arg_descriptor arg_enable_dns_blocklist; extern const command_line::arg_descriptor arg_no_igd; diff --git a/src/p2p/net_node.inl b/src/p2p/net_node.inl index 662e598e8a..bbf1f53816 100644 --- a/src/p2p/net_node.inl +++ b/src/p2p/net_node.inl @@ -116,6 +116,7 @@ namespace nodetool command_line::add_arg(desc, arg_ban_list); command_line::add_arg(desc, arg_p2p_hide_my_port); command_line::add_arg(desc, arg_no_sync); + command_line::add_arg(desc, arg_enable_dns_banlist); command_line::add_arg(desc, arg_enable_dns_blocklist); command_line::add_arg(desc, arg_no_igd); command_line::add_arg(desc, arg_igd); @@ -174,19 +175,19 @@ namespace nodetool template bool node_server::is_remote_host_allowed(const epee::net_utils::network_address &address, time_t *t) { - CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); + CRITICAL_REGION_LOCAL(m_banned_hosts_lock); const time_t now = time(nullptr); // look in the hosts list - auto it = m_blocked_hosts.find(address.host_str()); - if (it != m_blocked_hosts.end()) + auto it = m_banned_hosts.find(address.host_str()); + if (it != m_banned_hosts.end()) { if (now >= it->second) { - m_blocked_hosts.erase(it); - MCLOG_CYAN(el::Level::Info, "global", "Host " << address.host_str() << " unblocked."); - it = m_blocked_hosts.end(); + m_banned_hosts.erase(it); + MCLOG_CYAN(el::Level::Info, "global", "Host " << address.host_str() << " unbanned."); + it = m_banned_hosts.end(); } else { @@ -201,12 +202,12 @@ namespace nodetool { auto ipv4_address = address.template as(); std::map::iterator it; - for (it = m_blocked_subnets.begin(); it != m_blocked_subnets.end(); ) + for (it = m_banned_subnets.begin(); it != m_banned_subnets.end(); ) { if (now >= it->second) { - it = m_blocked_subnets.erase(it); - MCLOG_CYAN(el::Level::Info, "global", "Subnet " << it->first.host_str() << " unblocked."); + it = m_banned_subnets.erase(it); + MCLOG_CYAN(el::Level::Info, "global", "Subnet " << it->first.host_str() << " unbanned."); continue; } if (it->first.matches(ipv4_address)) @@ -224,41 +225,41 @@ namespace nodetool } //----------------------------------------------------------------------------------- template - bool node_server::block_host(epee::net_utils::network_address addr, time_t seconds, bool add_only) + bool node_server::ban_host(epee::net_utils::network_address addr, time_t seconds, bool add_only) { - if(!addr.is_blockable()) + if(!addr.is_bannable()) return false; const time_t now = time(nullptr); bool added = false; - CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); + CRITICAL_REGION_LOCAL(m_banned_hosts_lock); time_t limit; if (now > std::numeric_limits::max() - seconds) limit = std::numeric_limits::max(); else limit = now + seconds; const std::string host_str = addr.host_str(); - auto it = m_blocked_hosts.find(host_str); - if (it == m_blocked_hosts.end()) + auto it = m_banned_hosts.find(host_str); + if (it == m_banned_hosts.end()) { - m_blocked_hosts[host_str] = limit; + m_banned_hosts[host_str] = limit; - // if the host was already blocked due to being in a blocked subnet, let it be silent - bool matches_blocked_subnet = false; + // if the host was already banned due to being in a banned subnet, let it be silent + bool matches_banned_subnet = false; if (addr.get_type_id() == epee::net_utils::address_type::ipv4) { auto ipv4_address = addr.template as(); - for (auto jt = m_blocked_subnets.begin(); jt != m_blocked_subnets.end(); ++jt) + for (auto jt = m_banned_subnets.begin(); jt != m_banned_subnets.end(); ++jt) { if (jt->first.matches(ipv4_address)) { - matches_blocked_subnet = true; + matches_banned_subnet = true; break; } } } - if (!matches_blocked_subnet) + if (!matches_banned_subnet) added = true; } else if (it->second < limit || !add_only) @@ -300,37 +301,37 @@ namespace nodetool } if (added) - MCLOG_CYAN(el::Level::Info, "global", "Host " << host_str << " blocked."); + MCLOG_CYAN(el::Level::Info, "global", "Host " << host_str << " banned."); else - MINFO("Host " << host_str << " block time updated."); + MINFO("Host " << host_str << " ban time updated."); return true; } //----------------------------------------------------------------------------------- template - bool node_server::unblock_host(const epee::net_utils::network_address &address) + bool node_server::unban_host(const epee::net_utils::network_address &address) { - CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); - auto i = m_blocked_hosts.find(address.host_str()); - if (i == m_blocked_hosts.end()) + CRITICAL_REGION_LOCAL(m_banned_hosts_lock); + auto i = m_banned_hosts.find(address.host_str()); + if (i == m_banned_hosts.end()) return false; - m_blocked_hosts.erase(i); - MCLOG_CYAN(el::Level::Info, "global", "Host " << address.host_str() << " unblocked."); + m_banned_hosts.erase(i); + MCLOG_CYAN(el::Level::Info, "global", "Host " << address.host_str() << " unbanned."); return true; } //----------------------------------------------------------------------------------- template - bool node_server::block_subnet(const epee::net_utils::ipv4_network_subnet &subnet, time_t seconds) + bool node_server::ban_subnet(const epee::net_utils::ipv4_network_subnet &subnet, time_t seconds) { const time_t now = time(nullptr); - CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); + CRITICAL_REGION_LOCAL(m_banned_hosts_lock); time_t limit; if (now > std::numeric_limits::max() - seconds) limit = std::numeric_limits::max(); else limit = now + seconds; - const bool added = m_blocked_subnets.find(subnet) == m_blocked_subnets.end(); - m_blocked_subnets[subnet] = limit; + const bool added = m_banned_subnets.find(subnet) == m_banned_subnets.end(); + m_banned_subnets[subnet] = limit; // drop any connection to that subnet. This should only have to look into // the zone related to the connection, but really make sure everything is @@ -363,39 +364,39 @@ namespace nodetool } if (added) - MCLOG_CYAN(el::Level::Info, "global", "Subnet " << subnet.host_str() << " blocked."); + MCLOG_CYAN(el::Level::Info, "global", "Subnet " << subnet.host_str() << " banned."); else - MINFO("Subnet " << subnet.host_str() << " blocked."); + MINFO("Subnet " << subnet.host_str() << " banned."); return true; } //----------------------------------------------------------------------------------- template - bool node_server::unblock_subnet(const epee::net_utils::ipv4_network_subnet &subnet) + bool node_server::unban_subnet(const epee::net_utils::ipv4_network_subnet &subnet) { - CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); - auto i = m_blocked_subnets.find(subnet); - if (i == m_blocked_subnets.end()) + CRITICAL_REGION_LOCAL(m_banned_hosts_lock); + auto i = m_banned_subnets.find(subnet); + if (i == m_banned_subnets.end()) return false; - m_blocked_subnets.erase(i); - MCLOG_CYAN(el::Level::Info, "global", "Subnet " << subnet.host_str() << " unblocked."); + m_banned_subnets.erase(i); + MCLOG_CYAN(el::Level::Info, "global", "Subnet " << subnet.host_str() << " unbanned."); return true; } //----------------------------------------------------------------------------------- template bool node_server::add_host_fail(const epee::net_utils::network_address &address, unsigned int score) { - if(!address.is_blockable()) + if(!address.is_bannable()) return false; CRITICAL_REGION_LOCAL(m_host_fails_score_lock); uint64_t fails = m_host_fails_score[address.host_str()] += score; MDEBUG("Host " << address.host_str() << " fail score=" << fails); - if(fails > P2P_IP_FAILS_BEFORE_BLOCK) + if(fails > P2P_IP_FAILS_BEFORE_BAN) { auto it = m_host_fails_score.find(address.host_str()); CHECK_AND_ASSERT_MES(it != m_host_fails_score.end(), false, "internal error"); - it->second = P2P_IP_FAILS_BEFORE_BLOCK/2; - block_host(address); + it->second = P2P_IP_FAILS_BEFORE_BAN/2; + ban_host(address); } return true; } @@ -530,13 +531,13 @@ namespace nodetool auto subnet = net::get_ipv4_subnet_address(line); if (subnet) { - block_subnet(*subnet, std::numeric_limits::max()); + ban_subnet(*subnet, std::numeric_limits::max()); continue; } const expect parsed_addr = net::get_network_address(line, 0); if (parsed_addr) { - block_host(*parsed_addr, std::numeric_limits::max()); + ban_host(*parsed_addr, std::numeric_limits::max()); continue; } MERROR("Invalid IP address or IPv4 subnet: " << line); @@ -549,7 +550,8 @@ namespace nodetool if (command_line::has_arg(vm, arg_no_sync)) m_payload_handler.set_no_sync(true); - m_enable_dns_blocklist = command_line::get_arg(vm, arg_enable_dns_blocklist); + m_enable_dns_banlist = command_line::get_arg(vm, arg_enable_dns_banlist) + || command_line::get_arg(vm, arg_enable_dns_blocklist); if ( !set_max_out_peers(public_zone, command_line::get_arg(vm, arg_out_peers) ) ) return false; @@ -907,7 +909,7 @@ namespace nodetool public_zone.m_proxy_address = *endpoint; public_zone.m_can_pingback = false; m_enable_dns_seed_nodes &= proxy_dns_leaks_allowed; - m_enable_dns_blocklist &= proxy_dns_leaks_allowed; + m_enable_dns_banlist &= proxy_dns_leaks_allowed; } if (m_nettype == cryptonote::TESTNET) @@ -2015,14 +2017,14 @@ namespace nodetool m_gray_peerlist_housekeeping_interval.do_call(boost::bind(&node_server::gray_peerlist_housekeeping, this)); m_peerlist_store_interval.do_call(boost::bind(&node_server::store_config, this)); m_incoming_connections_interval.do_call(boost::bind(&node_server::check_incoming_connections, this)); - m_dns_blocklist_interval.do_call(boost::bind(&node_server::update_dns_blocklist, this)); + m_dns_banlist_interval.do_call(boost::bind(&node_server::update_dns_banlist, this)); return true; } //----------------------------------------------------------------------------------- template - bool node_server::update_dns_blocklist() + bool node_server::update_dns_banlist() { - if (!m_enable_dns_blocklist) + if (!m_enable_dns_banlist) return true; if (m_nettype != cryptonote::MAINNET) return true; @@ -2053,23 +2055,23 @@ namespace nodetool auto subnet = net::get_ipv4_subnet_address(ip); if (subnet) { - block_subnet(*subnet, DNS_BLOCKLIST_LIFETIME); + ban_subnet(*subnet, DNS_BANLIST_LIFETIME); ++good; continue; } const expect parsed_addr = net::get_network_address(ip, 0); if (parsed_addr) { - block_host(*parsed_addr, DNS_BLOCKLIST_LIFETIME, true); + ban_host(*parsed_addr, DNS_BANLIST_LIFETIME, true); ++good; continue; } - MWARNING("Invalid IP address or subnet from DNS blocklist: " << ip << " - " << parsed_addr.error()); + MWARNING("Invalid IP address or subnet from DNS banlist: " << ip << " - " << parsed_addr.error()); ++bad; } } if (good > 0) - MINFO(good << " addresses added to the blocklist"); + MINFO(good << " addresses added to the banlist"); return true; } //----------------------------------------------------------------------------------- @@ -2188,7 +2190,7 @@ namespace nodetool LOG_DEBUG_CC(context, "REMOTE PEERLIST: remote peerlist size=" << peerlist_.size()); LOG_TRACE_CC(context, "REMOTE PEERLIST: " << ENDL << print_peerlist_to_string(peerlist_)); - CRITICAL_REGION_LOCAL(m_blocked_hosts_lock); + CRITICAL_REGION_LOCAL(m_banned_hosts_lock); return m_network_zones.at(context.m_remote_address.get_zone()).m_peerlist.merge_peerlist(peerlist_, [this](const peerlist_entry &pe) { return !is_addr_recently_failed(pe.adr) && is_remote_host_allowed(pe.adr); }); diff --git a/src/p2p/net_node_common.h b/src/p2p/net_node_common.h index fd6ea4a993..ed8b483d07 100644 --- a/src/p2p/net_node_common.h +++ b/src/p2p/net_node_common.h @@ -59,10 +59,10 @@ namespace nodetool virtual uint64_t get_public_connections_count()=0; virtual void for_each_connection(std::function f)=0; virtual bool for_connection(const boost::uuids::uuid&, std::function f)=0; - virtual bool block_host(epee::net_utils::network_address address, time_t seconds = 0, bool add_only = false)=0; - virtual bool unblock_host(const epee::net_utils::network_address &address)=0; - virtual std::map get_blocked_hosts()=0; - virtual std::map get_blocked_subnets()=0; + virtual bool ban_host(epee::net_utils::network_address address, time_t seconds = 0, bool add_only = false)=0; + virtual bool unban_host(const epee::net_utils::network_address &address)=0; + virtual std::map get_banned_hosts()=0; + virtual std::map get_banned_subnets()=0; virtual bool add_host_fail(const epee::net_utils::network_address &address, unsigned int score = 1)=0; virtual void add_used_stripe_peer(const t_connection_context &context)=0; virtual void remove_used_stripe_peer(const t_connection_context &context)=0; @@ -105,19 +105,19 @@ namespace nodetool { return false; } - virtual bool block_host(epee::net_utils::network_address address, time_t seconds, bool add_only) + virtual bool ban_host(epee::net_utils::network_address address, time_t seconds, bool add_only) { return true; } - virtual bool unblock_host(const epee::net_utils::network_address &address) + virtual bool unban_host(const epee::net_utils::network_address &address) { return true; } - virtual std::map get_blocked_hosts() + virtual std::map get_banned_hosts() { return std::map(); } - virtual std::map get_blocked_subnets() + virtual std::map get_banned_subnets() { return std::map(); } diff --git a/src/rpc/core_rpc_server.cpp b/src/rpc/core_rpc_server.cpp index f9afa4021f..6556ab117f 100644 --- a/src/rpc/core_rpc_server.cpp +++ b/src/rpc/core_rpc_server.cpp @@ -197,7 +197,7 @@ namespace cryptonote request.gray = true; request.white = true; - request.include_blocked = false; + request.include_banned = request.include_blocked = false; if (!on_get_public_nodes(request, response) || response.status != CORE_RPC_STATUS_OK) { return {}; @@ -465,18 +465,18 @@ namespace cryptonote //------------------------------------------------------------------------------------------------------------------------------ bool core_rpc_server::add_host_fail(const connection_context *ctx, unsigned int score) { - if(!ctx || !ctx->m_remote_address.is_blockable() || disable_rpc_ban) + if(!ctx || !ctx->m_remote_address.is_bannable() || disable_rpc_ban) return false; CRITICAL_REGION_LOCAL(m_host_fails_score_lock); uint64_t fails = m_host_fails_score[ctx->m_remote_address.host_str()] += score; MDEBUG("Host " << ctx->m_remote_address.host_str() << " fail score=" << fails); - if(fails > RPC_IP_FAILS_BEFORE_BLOCK) + if(fails > RPC_IP_FAILS_BEFORE_BAN) { auto it = m_host_fails_score.find(ctx->m_remote_address.host_str()); CHECK_AND_ASSERT_MES(it != m_host_fails_score.end(), false, "internal error"); - it->second = RPC_IP_FAILS_BEFORE_BLOCK/2; - m_p2p.block_host(ctx->m_remote_address); + it->second = RPC_IP_FAILS_BEFORE_BAN/2; + m_p2p.ban_host(ctx->m_remote_address); } return true; } @@ -1560,7 +1560,8 @@ namespace cryptonote for (auto & entry : white_list) { - if (!req.include_blocked && m_p2p.is_host_blocked(entry.adr, NULL)) + if ((!req.include_blocked || !req.include_banned) + && m_p2p.is_host_banned(entry.adr, NULL)) continue; if (entry.adr.get_type_id() == epee::net_utils::ipv4_network_address::get_type_id()) res.white_list.emplace_back(entry.id, entry.adr.as().ip(), @@ -1574,7 +1575,8 @@ namespace cryptonote for (auto & entry : gray_list) { - if (!req.include_blocked && m_p2p.is_host_blocked(entry.adr, NULL)) + if ((!req.include_blocked && !req.include_banned) + && m_p2p.is_host_banned(entry.adr, NULL)) continue; if (entry.adr.get_type_id() == epee::net_utils::ipv4_network_address::get_type_id()) res.gray_list.emplace_back(entry.id, entry.adr.as().ip(), @@ -1596,7 +1598,7 @@ namespace cryptonote COMMAND_RPC_GET_PEER_LIST::request peer_list_req; COMMAND_RPC_GET_PEER_LIST::response peer_list_res; - peer_list_req.include_blocked = req.include_blocked; + peer_list_req.include_banned = req.include_blocked || req.include_banned; const bool success = on_get_peer_list(peer_list_req, peer_list_res, ctx); res.status = peer_list_res.status; if (!success) @@ -2779,8 +2781,8 @@ namespace cryptonote RPC_TRACKER(get_bans); auto now = time(nullptr); - std::map blocked_hosts = m_p2p.get_blocked_hosts(); - for (std::map::const_iterator i = blocked_hosts.begin(); i != blocked_hosts.end(); ++i) + std::map banned_hosts = m_p2p.get_banned_hosts(); + for (std::map::const_iterator i = banned_hosts.begin(); i != banned_hosts.end(); ++i) { if (i->second > now) { COMMAND_RPC_GETBANS::ban b; @@ -2793,8 +2795,8 @@ namespace cryptonote res.bans.push_back(b); } } - std::map blocked_subnets = m_p2p.get_blocked_subnets(); - for (std::map::const_iterator i = blocked_subnets.begin(); i != blocked_subnets.end(); ++i) + std::map banned_subnets = m_p2p.get_banned_subnets(); + for (std::map::const_iterator i = banned_subnets.begin(); i != banned_subnets.end(); ++i) { if (i->second > now) { COMMAND_RPC_GETBANS::ban b; @@ -2823,7 +2825,7 @@ namespace cryptonote epee::net_utils::network_address na = std::move(*na_parsed); time_t seconds; - if (m_p2p.is_host_blocked(na, &seconds)) + if (m_p2p.is_host_banned(na, &seconds)) { res.banned = true; res.seconds = seconds; @@ -2853,9 +2855,9 @@ namespace cryptonote if (ns_parsed) { if (i->ban) - m_p2p.block_subnet(*ns_parsed, i->seconds); + m_p2p.ban_subnet(*ns_parsed, i->seconds); else - m_p2p.unblock_subnet(*ns_parsed); + m_p2p.unban_subnet(*ns_parsed); continue; } } @@ -2877,9 +2879,9 @@ namespace cryptonote na = epee::net_utils::ipv4_network_address{i->ip, 0}; } if (i->ban) - m_p2p.block_host(na, i->seconds); + m_p2p.ban_host(na, i->seconds); else - m_p2p.unblock_host(na); + m_p2p.unban_host(na); } res.status = CORE_RPC_STATUS_OK; diff --git a/src/rpc/core_rpc_server_commands_defs.h b/src/rpc/core_rpc_server_commands_defs.h index 618bf107e4..b391069e98 100644 --- a/src/rpc/core_rpc_server_commands_defs.h +++ b/src/rpc/core_rpc_server_commands_defs.h @@ -1390,12 +1390,14 @@ inline const std::string get_rpc_status(const bool trusted_daemon, const std::st struct request_t: public rpc_request_base { bool public_only; - bool include_blocked; + bool include_blocked; // alias for include_banned + bool include_banned; BEGIN_KV_SERIALIZE_MAP() KV_SERIALIZE_PARENT(rpc_request_base) KV_SERIALIZE_OPT(public_only, true) KV_SERIALIZE_OPT(include_blocked, false) + KV_SERIALIZE_OPT(include_banned, false) END_KV_SERIALIZE_MAP() }; typedef epee::misc_utils::struct_init request; @@ -1441,12 +1443,14 @@ inline const std::string get_rpc_status(const bool trusted_daemon, const std::st { bool gray; bool white; - bool include_blocked; + bool include_banned; + bool include_blocked; // alias for banned BEGIN_KV_SERIALIZE_MAP() KV_SERIALIZE_PARENT(rpc_request_base) KV_SERIALIZE_OPT(gray, false) KV_SERIALIZE_OPT(white, true) + KV_SERIALIZE_OPT(include_banned, false) KV_SERIALIZE_OPT(include_blocked, false) END_KV_SERIALIZE_MAP() }; diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp index 3874ce8504..f6af3fd579 100644 --- a/src/wallet/wallet2.cpp +++ b/src/wallet/wallet2.cpp @@ -15505,7 +15505,7 @@ std::vector wallet2::get_public_nodes(bool white_only) req.white = true; req.gray = !white_only; - req.include_blocked = false; + req.include_banned = req.include_blocked = false; { const boost::lock_guard lock{m_daemon_rpc_mutex}; diff --git a/tests/unit_tests/epee_utils.cpp b/tests/unit_tests/epee_utils.cpp index 64ed83694e..3061d9002f 100644 --- a/tests/unit_tests/epee_utils.cpp +++ b/tests/unit_tests/epee_utils.cpp @@ -1543,7 +1543,7 @@ TEST(NetUtils, NetworkAddress) static std::string host_str() { return {}; } constexpr static epee::net_utils::address_type get_type_id() noexcept { return epee::net_utils::address_type(-1); } constexpr static epee::net_utils::zone get_zone() noexcept { return epee::net_utils::zone::invalid; } - constexpr static bool is_blockable() noexcept { return false; } + constexpr static bool is_bannable() noexcept { return false; } constexpr static uint16_t port() { return 0; } }; @@ -1556,7 +1556,7 @@ TEST(NetUtils, NetworkAddress) EXPECT_FALSE(empty.is_local()); EXPECT_EQ(epee::net_utils::address_type::invalid, empty.get_type_id()); EXPECT_EQ(epee::net_utils::zone::invalid, empty.get_zone()); - EXPECT_FALSE(empty.is_blockable()); + EXPECT_FALSE(empty.is_bannable()); EXPECT_THROW(empty.as(), std::bad_cast); epee::net_utils::network_address address1{ @@ -1574,7 +1574,7 @@ TEST(NetUtils, NetworkAddress) EXPECT_FALSE(address1.is_local()); EXPECT_EQ(epee::net_utils::ipv4_network_address::get_type_id(), address1.get_type_id()); EXPECT_EQ(epee::net_utils::zone::public_, address1.get_zone()); - EXPECT_TRUE(address1.is_blockable()); + EXPECT_TRUE(address1.is_bannable()); EXPECT_NO_THROW(address1.as()); EXPECT_THROW(address1.as(), std::bad_cast); diff --git a/tests/unit_tests/net.cpp b/tests/unit_tests/net.cpp index abdd2558d7..f8a9b02f4e 100644 --- a/tests/unit_tests/net.cpp +++ b/tests/unit_tests/net.cpp @@ -108,7 +108,7 @@ TEST(tor_address, invalid) EXPECT_TRUE(net::tor_address::make(onion).has_error()); } -TEST(tor_address, unblockable_types) +TEST(tor_address, unbannable_types) { net::tor_address tor{}; @@ -144,14 +144,14 @@ TEST(tor_address, valid) EXPECT_EQ(0u, address1->port()); EXPECT_STREQ(v3_onion, address1->host_str()); EXPECT_STREQ(v3_onion, address1->str().c_str()); - EXPECT_TRUE(address1->is_blockable()); + EXPECT_TRUE(address1->is_bannable()); net::tor_address address2{*address1}; EXPECT_EQ(0u, address2.port()); EXPECT_STREQ(v3_onion, address2.host_str()); EXPECT_STREQ(v3_onion, address2.str().c_str()); - EXPECT_TRUE(address2.is_blockable()); + EXPECT_TRUE(address2.is_bannable()); EXPECT_TRUE(address2.equal(*address1)); EXPECT_TRUE(address1->equal(address2)); EXPECT_TRUE(address2 == *address1); @@ -168,7 +168,7 @@ TEST(tor_address, valid) EXPECT_EQ(6545, address2.port()); EXPECT_STREQ(v3_onion_2, address2.host_str()); EXPECT_EQ(std::string{v3_onion_2} + ":6545", address2.str().c_str()); - EXPECT_TRUE(address2.is_blockable()); + EXPECT_TRUE(address2.is_bannable()); EXPECT_FALSE(address2.equal(*address1)); EXPECT_FALSE(address1->equal(address2)); EXPECT_FALSE(address2 == *address1); @@ -185,7 +185,7 @@ TEST(tor_address, valid) EXPECT_EQ(65535, address3.port()); EXPECT_STREQ(v3_onion, address3.host_str()); EXPECT_EQ(std::string{v3_onion} + ":65535", address3.str().c_str()); - EXPECT_TRUE(address3.is_blockable()); + EXPECT_TRUE(address3.is_bannable()); EXPECT_FALSE(address3.equal(*address1)); EXPECT_FALSE(address1->equal(address3)); EXPECT_FALSE(address3 == *address1); @@ -227,9 +227,9 @@ TEST(tor_address, generic_network_address) EXPECT_EQ(epee::net_utils::zone::tor, tor1.get_zone()); EXPECT_EQ(epee::net_utils::zone::tor, tor2.get_zone()); EXPECT_EQ(epee::net_utils::zone::public_, ip.get_zone()); - EXPECT_TRUE(tor1.is_blockable()); - EXPECT_TRUE(tor2.is_blockable()); - EXPECT_TRUE(ip.is_blockable()); + EXPECT_TRUE(tor1.is_bannable()); + EXPECT_TRUE(tor2.is_bannable()); + EXPECT_TRUE(ip.is_bannable()); } namespace @@ -478,7 +478,7 @@ TEST(i2p_address, invalid) EXPECT_TRUE(net::i2p_address::make(i2p).has_error()); } -TEST(i2p_address, unblockable_types) +TEST(i2p_address, unbannable_types) { net::i2p_address i2p{}; @@ -514,14 +514,14 @@ TEST(i2p_address, valid) EXPECT_EQ(1u, address1->port()); EXPECT_STREQ(b32_i2p, address1->host_str()); EXPECT_STREQ(b32_i2p, address1->str().c_str()); - EXPECT_TRUE(address1->is_blockable()); + EXPECT_TRUE(address1->is_bannable()); net::i2p_address address2{*address1}; EXPECT_EQ(1u, address2.port()); EXPECT_STREQ(b32_i2p, address2.host_str()); EXPECT_STREQ(b32_i2p, address2.str().c_str()); - EXPECT_TRUE(address2.is_blockable()); + EXPECT_TRUE(address2.is_bannable()); EXPECT_TRUE(address2.equal(*address1)); EXPECT_TRUE(address1->equal(address2)); EXPECT_TRUE(address2 == *address1); @@ -538,7 +538,7 @@ TEST(i2p_address, valid) EXPECT_EQ(1u, address2.port()); EXPECT_STREQ(b32_i2p_2, address2.host_str()); EXPECT_EQ(std::string{b32_i2p_2}, address2.str().c_str()); - EXPECT_TRUE(address2.is_blockable()); + EXPECT_TRUE(address2.is_bannable()); EXPECT_FALSE(address2.equal(*address1)); EXPECT_FALSE(address1->equal(address2)); EXPECT_FALSE(address2 == *address1); @@ -555,7 +555,7 @@ TEST(i2p_address, valid) EXPECT_EQ(1u, address3.port()); EXPECT_STREQ(b32_i2p, address3.host_str()); EXPECT_EQ(std::string{b32_i2p}, address3.str().c_str()); - EXPECT_TRUE(address3.is_blockable()); + EXPECT_TRUE(address3.is_bannable()); EXPECT_TRUE(address3.equal(*address1)); EXPECT_TRUE(address1->equal(address3)); EXPECT_TRUE(address3 == *address1); @@ -597,9 +597,9 @@ TEST(i2p_address, generic_network_address) EXPECT_EQ(epee::net_utils::zone::i2p, i2p1.get_zone()); EXPECT_EQ(epee::net_utils::zone::i2p, i2p2.get_zone()); EXPECT_EQ(epee::net_utils::zone::public_, ip.get_zone()); - EXPECT_TRUE(i2p1.is_blockable()); - EXPECT_TRUE(i2p2.is_blockable()); - EXPECT_TRUE(ip.is_blockable()); + EXPECT_TRUE(i2p1.is_bannable()); + EXPECT_TRUE(i2p2.is_bannable()); + EXPECT_TRUE(ip.is_bannable()); } namespace diff --git a/tests/unit_tests/node_server.cpp b/tests/unit_tests/node_server.cpp index 39178884c8..262bbfe069 100644 --- a/tests/unit_tests/node_server.cpp +++ b/tests/unit_tests/node_server.cpp @@ -102,9 +102,9 @@ class test_core : public cryptonote::i_core_events typedef nodetool::node_server> Server; -static bool is_blocked(Server &server, const epee::net_utils::network_address &address, time_t *t = NULL) +static bool is_banned(Server &server, const epee::net_utils::network_address &address, time_t *t = NULL) { - std::map hosts = server.get_blocked_hosts(); + std::map hosts = server.get_banned_hosts(); for (auto rec: hosts) { if (rec.first == address.host_str()) @@ -125,80 +125,80 @@ TEST(ban, add) cprotocol.set_p2p_endpoint(&server); // starts empty - ASSERT_TRUE(server.get_blocked_hosts().empty()); - ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4))); - ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5))); + ASSERT_TRUE(server.get_banned_hosts().empty()); + ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4))); + ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5))); // add an IP - ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4))); - ASSERT_TRUE(server.get_blocked_hosts().size() == 1); - ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4))); - ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5))); + ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS(1,2,3,4))); + ASSERT_TRUE(server.get_banned_hosts().size() == 1); + ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4))); + ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5))); // add the same, should not change - ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4))); - ASSERT_TRUE(server.get_blocked_hosts().size() == 1); - ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4))); - ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5))); + ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS(1,2,3,4))); + ASSERT_TRUE(server.get_banned_hosts().size() == 1); + ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4))); + ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5))); - // remove an unblocked IP, should not change - ASSERT_FALSE(server.unblock_host(MAKE_IPV4_ADDRESS(1,2,3,5))); - ASSERT_TRUE(server.get_blocked_hosts().size() == 1); - ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4))); - ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5))); + // remove an unbanned IP, should not change + ASSERT_FALSE(server.unban_host(MAKE_IPV4_ADDRESS(1,2,3,5))); + ASSERT_TRUE(server.get_banned_hosts().size() == 1); + ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4))); + ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5))); // remove the IP, ends up empty - ASSERT_TRUE(server.unblock_host(MAKE_IPV4_ADDRESS(1,2,3,4))); - ASSERT_TRUE(server.get_blocked_hosts().size() == 0); - ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4))); - ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5))); + ASSERT_TRUE(server.unban_host(MAKE_IPV4_ADDRESS(1,2,3,4))); + ASSERT_TRUE(server.get_banned_hosts().size() == 0); + ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4))); + ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5))); // remove the IP from an empty list, still empty - ASSERT_FALSE(server.unblock_host(MAKE_IPV4_ADDRESS(1,2,3,4))); - ASSERT_TRUE(server.get_blocked_hosts().size() == 0); - ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4))); - ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5))); + ASSERT_FALSE(server.unban_host(MAKE_IPV4_ADDRESS(1,2,3,4))); + ASSERT_TRUE(server.get_banned_hosts().size() == 0); + ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4))); + ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5))); - // add two for known amounts of time, they're both blocked - ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4), 1)); - ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,5), 3)); - ASSERT_TRUE(server.get_blocked_hosts().size() == 2); - ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4))); - ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5))); - ASSERT_TRUE(server.unblock_host(MAKE_IPV4_ADDRESS(1,2,3,4))); - ASSERT_TRUE(server.unblock_host(MAKE_IPV4_ADDRESS(1,2,3,5))); + // add two for known amounts of time, they're both banned + ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS(1,2,3,4), 1)); + ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS(1,2,3,5), 3)); + ASSERT_TRUE(server.get_banned_hosts().size() == 2); + ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4))); + ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5))); + ASSERT_TRUE(server.unban_host(MAKE_IPV4_ADDRESS(1,2,3,4))); + ASSERT_TRUE(server.unban_host(MAKE_IPV4_ADDRESS(1,2,3,5))); // these tests would need to call is_remote_ip_allowed, which is private #if 0 - // after two seconds, the first IP is unblocked, but not the second yet + // after two seconds, the first IP is unbanned, but not the second yet sleep(2); - ASSERT_TRUE(server.get_blocked_hosts().size() == 1); - ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4))); - ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5))); + ASSERT_TRUE(server.get_banned_hosts().size() == 1); + ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4))); + ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5))); - // after two more seconds, the second IP is also unblocked + // after two more seconds, the second IP is also unbanned sleep(2); - ASSERT_TRUE(server.get_blocked_hosts().size() == 0); - ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4))); - ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5))); + ASSERT_TRUE(server.get_banned_hosts().size() == 0); + ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4))); + ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5))); #endif // add an IP again, then re-ban for longer, then shorter time_t t; - ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4), 2)); - ASSERT_TRUE(server.get_blocked_hosts().size() == 1); - ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4), &t)); - ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5))); + ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS(1,2,3,4), 2)); + ASSERT_TRUE(server.get_banned_hosts().size() == 1); + ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4), &t)); + ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5))); ASSERT_TRUE(t >= 1); - ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4), 9)); - ASSERT_TRUE(server.get_blocked_hosts().size() == 1); - ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4), &t)); - ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5))); + ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS(1,2,3,4), 9)); + ASSERT_TRUE(server.get_banned_hosts().size() == 1); + ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4), &t)); + ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5))); ASSERT_TRUE(t >= 8); - ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4), 5)); - ASSERT_TRUE(server.get_blocked_hosts().size() == 1); - ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4), &t)); - ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,5))); + ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS(1,2,3,4), 5)); + ASSERT_TRUE(server.get_banned_hosts().size() == 1); + ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4), &t)); + ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,5))); ASSERT_TRUE(t >= 4); } @@ -210,12 +210,12 @@ TEST(ban, limit) cprotocol.set_p2p_endpoint(&server); // starts empty - ASSERT_TRUE(server.get_blocked_hosts().empty()); - ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4))); - ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4), std::numeric_limits::max() - 1)); - ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4))); - ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS(1,2,3,4), 1)); - ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS(1,2,3,4))); + ASSERT_TRUE(server.get_banned_hosts().empty()); + ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4))); + ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS(1,2,3,4), std::numeric_limits::max() - 1)); + ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4))); + ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS(1,2,3,4), 1)); + ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS(1,2,3,4))); } TEST(ban, subnet) @@ -226,28 +226,28 @@ TEST(ban, subnet) Server server(cprotocol); cprotocol.set_p2p_endpoint(&server); - ASSERT_TRUE(server.block_subnet(MAKE_IPV4_SUBNET(1,2,3,4,24), 10)); - ASSERT_TRUE(server.get_blocked_subnets().size() == 1); - ASSERT_TRUE(server.is_host_blocked(MAKE_IPV4_ADDRESS(1,2,3,4), &seconds)); + ASSERT_TRUE(server.ban_subnet(MAKE_IPV4_SUBNET(1,2,3,4,24), 10)); + ASSERT_TRUE(server.get_banned_subnets().size() == 1); + ASSERT_TRUE(server.is_host_banned(MAKE_IPV4_ADDRESS(1,2,3,4), &seconds)); ASSERT_TRUE(seconds >= 9); - ASSERT_TRUE(server.is_host_blocked(MAKE_IPV4_ADDRESS(1,2,3,255), &seconds)); - ASSERT_TRUE(server.is_host_blocked(MAKE_IPV4_ADDRESS(1,2,3,0), &seconds)); - ASSERT_FALSE(server.is_host_blocked(MAKE_IPV4_ADDRESS(1,2,4,0), &seconds)); - ASSERT_FALSE(server.is_host_blocked(MAKE_IPV4_ADDRESS(1,2,2,0), &seconds)); - ASSERT_TRUE(server.unblock_subnet(MAKE_IPV4_SUBNET(1,2,3,8,24))); - ASSERT_TRUE(server.get_blocked_subnets().size() == 0); - ASSERT_FALSE(server.is_host_blocked(MAKE_IPV4_ADDRESS(1,2,3,255), &seconds)); - ASSERT_FALSE(server.is_host_blocked(MAKE_IPV4_ADDRESS(1,2,3,0), &seconds)); - ASSERT_TRUE(server.block_subnet(MAKE_IPV4_SUBNET(1,2,3,4,8), 10)); - ASSERT_TRUE(server.get_blocked_subnets().size() == 1); - ASSERT_TRUE(server.is_host_blocked(MAKE_IPV4_ADDRESS(1,255,3,255), &seconds)); - ASSERT_TRUE(server.is_host_blocked(MAKE_IPV4_ADDRESS(1,0,3,255), &seconds)); - ASSERT_FALSE(server.unblock_subnet(MAKE_IPV4_SUBNET(1,2,3,8,24))); - ASSERT_TRUE(server.get_blocked_subnets().size() == 1); - ASSERT_TRUE(server.block_subnet(MAKE_IPV4_SUBNET(1,2,3,4,8), 10)); - ASSERT_TRUE(server.get_blocked_subnets().size() == 1); - ASSERT_TRUE(server.unblock_subnet(MAKE_IPV4_SUBNET(1,255,0,0,8))); - ASSERT_TRUE(server.get_blocked_subnets().size() == 0); + ASSERT_TRUE(server.is_host_banned(MAKE_IPV4_ADDRESS(1,2,3,255), &seconds)); + ASSERT_TRUE(server.is_host_banned(MAKE_IPV4_ADDRESS(1,2,3,0), &seconds)); + ASSERT_FALSE(server.is_host_banned(MAKE_IPV4_ADDRESS(1,2,4,0), &seconds)); + ASSERT_FALSE(server.is_host_banned(MAKE_IPV4_ADDRESS(1,2,2,0), &seconds)); + ASSERT_TRUE(server.unban_subnet(MAKE_IPV4_SUBNET(1,2,3,8,24))); + ASSERT_TRUE(server.get_banned_subnets().size() == 0); + ASSERT_FALSE(server.is_host_banned(MAKE_IPV4_ADDRESS(1,2,3,255), &seconds)); + ASSERT_FALSE(server.is_host_banned(MAKE_IPV4_ADDRESS(1,2,3,0), &seconds)); + ASSERT_TRUE(server.ban_subnet(MAKE_IPV4_SUBNET(1,2,3,4,8), 10)); + ASSERT_TRUE(server.get_banned_subnets().size() == 1); + ASSERT_TRUE(server.is_host_banned(MAKE_IPV4_ADDRESS(1,255,3,255), &seconds)); + ASSERT_TRUE(server.is_host_banned(MAKE_IPV4_ADDRESS(1,0,3,255), &seconds)); + ASSERT_FALSE(server.unban_subnet(MAKE_IPV4_SUBNET(1,2,3,8,24))); + ASSERT_TRUE(server.get_banned_subnets().size() == 1); + ASSERT_TRUE(server.ban_subnet(MAKE_IPV4_SUBNET(1,2,3,4,8), 10)); + ASSERT_TRUE(server.get_banned_subnets().size() == 1); + ASSERT_TRUE(server.unban_subnet(MAKE_IPV4_SUBNET(1,255,0,0,8))); + ASSERT_TRUE(server.get_banned_subnets().size() == 0); } TEST(ban, ignores_port) @@ -257,13 +257,13 @@ TEST(ban, ignores_port) Server server(cprotocol); cprotocol.set_p2p_endpoint(&server); - ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5))); - ASSERT_TRUE(server.block_host(MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5), std::numeric_limits::max() - 1)); - ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5))); - ASSERT_TRUE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,6))); - ASSERT_TRUE(server.unblock_host(MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5))); - ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5))); - ASSERT_FALSE(is_blocked(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,6))); + ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5))); + ASSERT_TRUE(server.ban_host(MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5), std::numeric_limits::max() - 1)); + ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5))); + ASSERT_TRUE(is_banned(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,6))); + ASSERT_TRUE(server.unban_host(MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5))); + ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,5))); + ASSERT_FALSE(is_banned(server,MAKE_IPV4_ADDRESS_PORT(1,2,3,4,6))); } TEST(node_server, bind_same_p2p_port) @@ -511,7 +511,7 @@ TEST(cryptonote_protocol_handler, race_condition) virtual bool add_host_fail(const address_t&, unsigned int = {}) override { return {}; } - virtual bool block_host(address_t address, time_t = {}, bool = {}) override { + virtual bool ban_host(address_t address, time_t = {}, bool = {}) override { return {}; } virtual bool drop_connection(const contexts::basic& context) override { @@ -541,16 +541,16 @@ TEST(cryptonote_protocol_handler, race_condition) } return {}; } - virtual bool unblock_host(const address_t&) override { + virtual bool unban_host(const address_t&) override { return {}; } virtual zone_t send_txs(blobs_t, const zone_t, const uuid_t&, relay_t) override { return {}; } - virtual bans::subnets get_blocked_subnets() override { + virtual bans::subnets get_banned_subnets() override { return {}; } - virtual bans::hosts get_blocked_hosts() override { + virtual bans::hosts get_banned_hosts() override { return {}; } virtual uint64_t get_public_connections_count() override { diff --git a/utils/fish/monerod.fish b/utils/fish/monerod.fish index 29be7c3ec1..2b06d28688 100644 --- a/utils/fish/monerod.fish +++ b/utils/fish/monerod.fish @@ -71,7 +71,8 @@ complete -c monerod -l anonymous-inbound -r -d ",<[bind- complete -c monerod -l ban-list -r -F -d "Specify ban list file, one IP address per line" complete -c monerod -l hide-my-port -d "Do not announce yourself as peerlist candidate" complete -c monerod -l no-sync -d "Don't synchronize the blockchain with other peers" -complete -c monerod -l enable-dns-blocklist -d "Apply realtime blocklist from DNS" +complete -c monerod -l enable-dns-blocklist -d "Apply realtime banlist from DNS" +complete -c monerod -l enable-dns-banlist -d "Apply realtime banlist from DNS" complete -c monerod -l no-igd -d "Disable UPnP port mapping" complete -c monerod -l igd -r -a "Enabled disabled enabled" -d "UPnP port mapping. Default: delayed" complete -c monerod -l out-peers -r -d "Set max number of out peers. Default: -1"